How to enable SSL for a .NET project in Visual Studio

Say you have a .NET MVC or Web API project and you’d like to run it on SSL. In other words you’d like to start up the project on a URL similar to https://localhost:xxxx.

The first step is easy. You just select the MVC/Web API project name in the solution and locate the property called “SSL Enabled” in properties window:

The same properties window will also show the HTTPS url for the application. In the above example it’s https://localhost:44300/. Copy that URL and go to the project properties window. Locate the Web tab and override the Project Url property with the https address:

Start the application. You’ll likely get a message in the browser saying that the localhost address is not trusted, you can continue to the website at your own risk. Here’s a Chrome example in Swedish:

The problem is that the certificate that was installed automatically for you by Visual Studio is not trusted. You can locate the certificate in the Personal folder of the computer-level certificates in the certificates snap-in:

If you double-click the certificate you’ll see that it’s not trusted:

The message also provides the solution: the certificate must be imported into the trusted root certification authorities folder. You’ll see that as a folder in the same snap-in just below “Personal”. So how can we do that?

Right-click the certificate, then select All Tasks, Export… from the context menu. Click Next on the certificate export wizard. Leave the “Do not export the private key” option untouched, click Next. Accept the default on the next screen, i.e. “DER encoded binary X.509” should stay selected, then click Next. Then you’ll need to provide a name and a location for the exported file. Call it “localhost” and save it in a location where you can easily find it. Click Next and the Finish. There should be a popup message saying that the export was successful.

Next right-click the folder called Trusted Root Certification Authorities and select All Tasks, Import… from the context menu. Leave the “Local Machine” option untouched in the certificate import wizard, click Next. Browse to the certificate you saved just before. Click Next and accept all the default values along the way until you reach the end of the wizard. There should be a message saying that the import was successful.

If you now go back to the Personal store and double-click the localhost certificate then you should see that it’s trusted:

OK, let’s start the .NET web project again, the opening page should open without any warning. If you still see the same issue then test it a brand new browser session, e.g. here in IE:

You can also view the extracted certificate from the browser window. Here’s an example from IE:

Using Windows 10 and going to Start and typing in cert I was able to get to the Manage Computer Certificates part of the Control Panel. Supposedly the in the control panel though I couldn’t find it directly using that, but clicking on it after it popped up in start as I just described got me to the snap-in you mentioned.

Thanks, I get used to going through the various BS answers till I find a work around or a series of work arounds that cure the immediate symptom. Your solution resolves the problem without witchcraft or magic beans! Good work!

My goal with this blog is to offend everyone in the world at least once with my words… so no one has a reason to have a heightened sense of themselves. We are all ignorant, we are all found wanting, we are all bad people sometimes.